deps: replace tweetnacl-util with @scure/base
- `tweetnacl-util` is no longer actively maintained
- `@scure/base` is already pulled in transitively through `ethereum-cryptography`
- Remove redundant base64 encode/decode step when decoding hex input
legobeat committed Apr 22, 2024
1 parent 72495df commit 8daca4d
Showing 3 changed files with 20 additions and 41 deletions.
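--- a/package.json
+++ b/package.json
@@ -47,9 +47,9 @@
 "@ethereumjs/util": "^8.1.0",
 "@metamask/abi-utils": "^2.0.2",
 "@metamask/utils": "^8.1.0",
+"@scure/base": "~1.1.3",
 "ethereum-cryptography": "^2.1.2",
-"tweetnacl": "^1.0.3",
-"tweetnacl-util": "^0.15.1"
+"tweetnacl": "^1.0.3"
 },
 "devDependencies": {
 "@lavamoat/allow-scripts": "^2.3.1",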
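--- a/src/encryption.ts
+++ b/src/encryption.ts
@@ -1,5 +1,5 @@
+import { base64, utf8 } from '@scure/base';
 import * as nacl from 'tweetnacl';
-import * as naclUtil from 'tweetnacl-util';
 
 import { isNullish } from './utils';
 
@@ -47,12 +47,12 @@ export function encrypt({
 // assemble encryption parameters - from string to UInt8
 let pubKeyUInt8Array: Uint8Array;
 try {
-pubKeyUInt8Array = naclUtil.decodeBase64(publicKey);
+pubKeyUInt8Array = base64.decode(publicKey);
 } catch (err) {
 throw new Error('Bad public key');
 }
 
-const msgParamsUInt8Array = naclUtil.decodeUTF8(data);
+const msgParamsUInt8Array = utf8.decode(data);
 const nonce = nacl.randomBytes(nacl.box.nonceLength);
 
 // encrypt
@@ -66,9 +66,9 @@ export function encrypt({
 // handle encrypted data
 const output = {
 version: 'x25519-xsalsa20-poly1305',
-nonce: naclUtil.encodeBase64(nonce),
-ephemPublicKey: naclUtil.encodeBase64(ephemeralKeyPair.publicKey),
-ciphertext: naclUtil.encodeBase64(encryptedMessage),
+nonce: base64.encode(nonce),
+ephemPublicKey: base64.encode(ephemeralKeyPair.publicKey),
+ciphertext: base64.encode(encryptedMessage),
 };
 // return encrypted msg data
 return output;
@@ -165,18 +165,15 @@ export function decrypt({
 
 switch (encryptedData.version) {
 case 'x25519-xsalsa20-poly1305': {
-// string to buffer to UInt8Array
-const receiverPrivateKeyUint8Array = naclDecodeHex(privateKey);
+const receiverPrivateKeyUint8Array = Buffer.from(privateKey, 'hex');
 const receiverEncryptionPrivateKey = nacl.box.keyPair.fromSecretKey(
 receiverPrivateKeyUint8Array,
 ).secretKey;
 
 // assemble decryption parameters
-const nonce = naclUtil.decodeBase64(encryptedData.nonce);
-const ciphertext = naclUtil.decodeBase64(encryptedData.ciphertext);
-const ephemPublicKey = naclUtil.decodeBase64(
-encryptedData.ephemPublicKey,
-);
+const nonce = base64.decode(encryptedData.nonce);
+const ciphertext = base64.decode(encryptedData.ciphertext);
+const ephemPublicKey = base64.decode(encryptedData.ephemPublicKey);
 
 // decrypt
 const decryptedMessage = nacl.box.open(
@@ -191,7 +188,7 @@ export function decrypt({
 if (!decryptedMessage) {
 throw new Error();
 }
-const output = naclUtil.encodeUTF8(decryptedMessage);
+const output = utf8.encode(decryptedMessage);
 // TODO: This is probably extraneous but was kept to minimize changes during refactor
 if (!output) {
 throw new Error();
@@ -242,19 +239,8 @@ export function decryptSafely({
 * @returns The encryption public key.
 */
 export function getEncryptionPublicKey(privateKey: string): string {
-const privateKeyUint8Array = naclDecodeHex(privateKey);
+const privateKeyUint8Array = Buffer.from(privateKey, 'hex');
 const encryptionPublicKey =
 nacl.box.keyPair.fromSecretKey(privateKeyUint8Array).publicKey;
-return naclUtil.encodeBase64(encryptionPublicKey);
-}
-
-/**
-* Convert a hex string to the UInt8Array format used by nacl.
-*
-* @param msgHex - The string to convert.
-* @returns The converted string.
-*/
-function naclDecodeHex(msgHex: string): Uint8Array {
-const msgBase64 = Buffer.from(msgHex, 'hex').toString('base64');
-return naclUtil.decodeBase64(msgBase64);
+return base64.encode(encryptionPublicKey);
 }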
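Review bot: In the decrypt hunk at new line 191, `utf8.encode(decryptedMessage)` is not a like-for-like replacement for `naclUtil.encodeUTF8`. The old helper threw on malformed UTF-8, whereas the `@scure/base` `utf8` coder appears to wrap a non-fatal `TextDecoder` that substitutes U+FFFD, so a plaintext that is not valid UTF-8 would now be returned altered instead of rejected. If rejection is the intended contract, `const output = new TextDecoder('utf-8', { fatal: true }).decode(decryptedMessage);` keeps it, and a test with invalid bytes would pin the behaviour either way. Likewise, `utf8.decode(data)` in encrypt probably drops the `typeof` string check that `decodeUTF8` performed, and whether `data` is validated earlier is outside the hunk. The `try`/`catch` around the decode in decrypt also begins outside the hunk, so how a thrown decode error would surface is not visible here.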
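--- a/yarn.lock
+++ b/yarn.lock
@@ -903,6 +903,7 @@ __metadata:
 "@metamask/eslint-config-nodejs": ^11.1.0
 "@metamask/eslint-config-typescript": ^11.1.0
 "@metamask/utils": ^8.1.0
+"@scure/base": ~1.1.3
 "@types/jest": ^27.0.6
 "@types/node": ^16.18.50
 "@typescript-eslint/eslint-plugin": ^5.59.1
@@ -922,7 +923,6 @@ __metadata:
 rimraf: ^3.0.2
 ts-jest: ^27.0.3
 tweetnacl: ^1.0.3
-tweetnacl-util: ^0.15.1
 typedoc: ^0.24.6
 typescript: ~4.8.4
 languageName: unknown
@@ -1041,10 +1041,10 @@ __metadata:
 languageName: node
 linkType: hard
 
-"@scure/base@npm:~1.1.0":
-version: 1.1.1
-resolution: "@scure/base@npm:1.1.1"
-checksum: b4fc810b492693e7e8d0107313ac74c3646970c198bbe26d7332820886fa4f09441991023ec9aa3a2a51246b74409ab5ebae2e8ef148bbc253da79ac49130309
+"@scure/base@npm:~1.1.0, @scure/base@npm:~1.1.3":
+version: 1.1.3
+resolution: "@scure/base@npm:1.1.3"
+checksum: 1606ab8a4db898cb3a1ada16c15437c3bce4e25854fadc8eb03ae93cbbbac1ed90655af4b0be3da37e12056fef11c0374499f69b9e658c9e5b7b3e06353c630c
 languageName: node
 linkType: hard
 
@@ -5784,13 +5784,6 @@ __metadata:
 languageName: node
 linkType: hard
 
-"tweetnacl-util@npm:^0.15.1":
-version: 0.15.1
-resolution: "tweetnacl-util@npm:0.15.1"
-checksum: ae6aa8a52cdd21a95103a4cc10657d6a2040b36c7a6da7b9d3ab811c6750a2d5db77e8c36969e75fdee11f511aa2b91c552496c6e8e989b6e490e54aca2864fc
-languageName: node
-linkType: hard
-
 "tweetnacl@npm:^1.0.3":
 version: 1.0.3
 resolution: "tweetnacl@npm:1.0.3"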
